runcrypt - Encrypt and mail output from command in arguments
runcrypt [--sign[=(1|0)] [--encrypt[=(1|0)] [--keyid KEYID] [--passfile PATH] [--mailto RECIPIENT] [--name NAME] COMMAND [ARG1 ...]
This program applies Mail::Run::Crypt to run a command and send any output or error content to the specified address. More information is available in the documentation for that module.
The arguments beyond the options are used as the command name to run:
runcrypt rsync -a /mnt/a remote:mnt/b
--mailto
The recipient address for the encryption portion of the email. This defaults to the value of the environment variable RUNCRYPT_MAILTO if that is set, or MAILTO failing that, to make it suitable for use in a crontab(5) file.
RUNCRYPT_MAILTO
MAILTO
--encrypt
Whether to encrypt the output to the recipient. This defaults to 1.
--sign
Whether to sign the output. This defaults to 0. An ID and passphrase file will need to be provided for signing to work.
It is strongly recommended that a dedicated key and passphrase be used for signatures if this is needed. You should carefully consider the consequences of a compromised key.
--keyid
The GnuPG key ID that should be used to sign messages. This is required for signing, and has no effect if --sign is not given. It can be any means of identifying the key acceptable to GnuPG; the key's 8-byte ("long") hexadecimal ID prefixed with 0x is probably the best way.
0x
This defaults to the value of the environment variable RUNCRYPT_KEYID.
RUNCRYPT_KEYID
--passfile
Path to a filename that should be read to get the key passphrase for signing. This defaults to the value of the environment variable RUNCRYPT_PASSFILE. This is required for signing, and has no effect if --sign is not given.
RUNCRYPT_PASSFILE
One trailing newline will be removed from the file contents with chomp if present.
chomp
It is strongly recommended, but not enforced by this program, that this file have strict permissions (not group or world-readable).
By design, there is no way to specify the passphrase directly as an argument. This has too many negative security implications.
--name
The name for this instance of the module, which will be used as the first word of the subject line of any email messages it sends. This defaults to runcrypt, which is probably good enough in most cases.
runcrypt
Usage information could not be written to the standard output stream.
Usage information could not be written to the standard error stream.
The specified passphrase file could not be opened. This is a fatal error.
The specified passphrase file could not be closed. This is not a fatal error.
The program exits with the same exit value of the command that it ran, or 127 if the command could not be run at all. See the bail() method in Mail::Run::Crypt.
bail()
You will need to have a functioning GnuPG public key setup for this to work, including stored keys or a key retrieval system for your recipients. You will also need a secret key if you want to sign the messages.
You should definitely not use your personal key for this; generate one specifically for mail signing and encryption instead.
I wrote a tutorial on GnuPG key setup, including agent configuration, as part of this series:
https://sanctum.geek.nz/arabesque/series/gnu-linux-crypto/
Perl v5.8.1 or newer
English
File::stat
Getopt::Long::Descriptive
Mail::Run::Crypt
This module uses Mail::GnuPG and other GPG-specific code, so it won't work with any other OpenPGP implementations.
Definitely.
Tom Ryder <tom@sanctum.geek.nz>
<tom@sanctum.geek.nz>
Copyright (C) 2017 Tom Ryder
This program is free software; you can redistribute it and/or modify it under the terms of the Artistic License (2.0). You may obtain a copy of the full license at:
http://www.perlfoundation.org/artistic_license_2_0
Any use, modification, and distribution of the Standard or Modified Versions is governed by this Artistic License. By using, modifying or distributing the Package, you accept this license. Do not use, modify, or distribute the Package, if you do not accept this license.
If your Modified Version has been derived from a Modified Version made by someone other than you, you are nevertheless required to ensure that your Modified Version complies with the requirements of this license.
This license does not grant you the right to use any trademark, service mark, tradename, or logo of the Copyright Holder.
This license includes the non-exclusive, worldwide, free-of-charge patent license to make, have made, use, offer to sell, sell, import and otherwise transfer the Package with respect to any patent claims licensable by the Copyright Holder that are necessarily infringed by the Package. If you institute patent litigation (including a cross-claim or counterclaim) against any party alleging that the Package constitutes direct or contributory patent infringement, then this Artistic License to you shall terminate on the date that such litigation is filed.
Disclaimer of Warranty: THE PACKAGE IS PROVIDED BY THE COPYRIGHT HOLDER AND CONTRIBUTORS "AS IS' AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES. THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT ARE DISCLAIMED TO THE EXTENT PERMITTED BY YOUR LOCAL LAW. UNLESS REQUIRED BY LAW, NO COPYRIGHT HOLDER OR CONTRIBUTOR WILL BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING IN ANY WAY OUT OF THE USE OF THE PACKAGE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
To install Mail::Run::Crypt, copy and paste the appropriate command in to your terminal.
cpanm
cpanm Mail::Run::Crypt
CPAN shell
perl -MCPAN -e shell install Mail::Run::Crypt
For more information on module installation, please visit the detailed CPAN module installation guide.